How can I enforce a S3 policy to let only signed URL get objects?

0 votes

I can generate my signed urls the AWS-SDK node package, and I could confirm they work when my bucket is set as public.

However, I can't find where I can set the parameters mentioned here:

Restrict Bucket Access : Yes

Origin Access Identity : Use an Existing Identity

Restrict Viewer Access(Use Signed URLs) : Yes

Trusted Signers : Self

I do not use Cloudfront and it looks like Cloudfront specifics

Is there any way to set these up (or produce an equivalent behavior) using S3 only? i.e. bucket private by default, only urls signed by one of my IAM users can be served.

Oct 5, 2018 in AWS by eatcodesleeprepeat
• 4,670 points
204 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

You don't need to make a bucket public in order for signed URLs to work. That would entirely defeat the purpose of signed URLs.

and Make sure the IAM user that you are using to generate the pre-signed URL has permissions to read from the bucket.

answered Oct 5, 2018 by Priyaj
• 56,140 points

Related Questions In AWS

0 votes
1 answer
+1 vote
4 answers

Can a URL be directly uploaded to S3 using POST?

You can read this blog and get ...READ MORE

answered Oct 25, 2018 in AWS by chamunda
32 views
0 votes
1 answer

How do I write an S3 Object to a file?

While IOUtils.copy() and IOUtils.copyLarge() are great, I would prefer the old ...READ MORE

answered Jul 13, 2018 in AWS by Hammer
• 360 points
49 views
0 votes
1 answer
0 votes
1 answer

AWS S3 uploading hidden files by default

versioning is enabled in your bucket. docs.aws.amazon.com/AmazonS3/latest/user-guide/….... the ...READ MORE

answered Oct 4, 2018 in AWS by Priyaj
• 56,140 points
107 views
0 votes
1 answer

How to decrypt the encrypted S3 file using aws-encryption-cli --decrypt

Use command : aws s3 presign s3://mybucket/abc_count.png you get ...READ MORE

answered Oct 22, 2018 in AWS by Priyaj
• 56,140 points
219 views
0 votes
1 answer

Import my AWS credentials using python script

Using AWS Cli  Configure your IAM user then ...READ MORE

answered Nov 16, 2018 in AWS by Jino
• 5,520 points
133 views
0 votes
2 answers
0 votes
1 answer

How can I get current date in a CloudFormation script?

The advice by @Guy is correct, you ...READ MORE

answered Aug 29, 2018 in AWS by Priyaj
• 56,140 points
584 views
0 votes
1 answer

How to create a CloudFormation only AWS policy

The easiest way to achieve what you're ...READ MORE

answered Sep 26, 2018 in AWS by Priyaj
• 56,140 points
87 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.